Simon Schick <simonsimcity@xxxxxxxxxxxxxx> wrote: >Hi, all > >When you ask for a captcha, I'd first ask what do you want to use it >for. >If you read the first lines of Wikipedia it has been developed to >differ >between a real user and a bot. > >If you'd now say that you want to use it to protect spam in a formula >I'd >give you the same explanation that you can find here in german (in a >bit >more text): http://www.1ngo.de/web/captcha-spam.html >The author of this link says that captchas are not efficient enough and >give a new unnecessary barrier to all users. He also declaims that bots >nowadays are better than ever and can even read captchas that many >humans >are not able to read. >For this reason he provides a list of extra stuff that you can use to >protect your formula against spam instead of a picture that's text >should >be written in an input-field. > >One of those is the honey-pot. You simply create an additional field >(f.e. * >email2*) hide it for most visitors (using *css*) and ignore the comment >if >there's text in here. As most of the bots cannot read css they'll fill >a >valid email-address in here :) But then you also have to think about >users >that have css disabled f.e. *ScreenReader*. Another disadvantage of >this >issue is that you can use an auto-field-fill mechanism provided by the >browser who could fill this field ... But both cases should not be that >difficult. For the screenreder you can change the label for the field >to >look like *Do not paste your email in here. Just leave it empty.* Just >to >have the word email again in here ;) > >Another good thing is to think about how fast this form can be >submitted >when the user enters the formula for the first time. Also think about >the >second time, when the user as entered some wrong values and you have to >show him a message. >If you have a formula that contains more than 5 fields it's quite >unusual >that the user can submit that below 2 sec after receiving the response. >You >could even add a feature by using javascript that the user cannot >submit >this form or his request will be delayed for a view seconds (one or >two). > >If you want to know more about that, out there are plenty of plugins >for >different systems where you can see what other possibilities you have. >One >extension i like is the one from TYPO3. They have quite a bunch of such >things and you can give each of the checks a value. If the sum of the >values of the failing tests reaches a configured level, this >form-submission will be rejected. >http://typo3.org/extensions/repository/view/wt_spamshield/current/ > >Wordpress: http://antispambee.de/ > >Bye >Simon > >2012/2/17 Savetheinternet <savetheinternet@xxxxxxxxxxxxx> > >> On Fri, Feb 17, 2012 at 3:40 PM, Donovan Brooke <lists@xxxxxxx> >wrote: >> > Hello, >> > >> > Does anyone know of a basic (open source or freeware) form captcha >system >> > for PHP? >> > >> > TIA, >> > Donovan >> > >> > >> > >> > >> > -- >> > D Brooke >> > >> >> Hi, >> >> There are plenty of free PHP captcha scripts out there. Just google >> "captcha PHP". Securimage (phpcaptcha.org) looks relatively okay. >> >> Thanks, >> Michael >> >> -- >> PHP General Mailing List (http://www.php.net/) >> To unsubscribe, visit: http://www.php.net/unsub.php >> >> I would avoid making a user type in something they see in a picture, as you've just succeeded in pissing off a bunch of blind people. Also, avoid relying on javascript. It can be turned off, disabled, blocked and sometimes isn't available at all, such as with some speech/Braille browsers. One popular route is to ask a question that only a human could answer. I use this method on the contact page of my site. I just ask a question such as Multiply the number of heads a person has by the number of legs on 2 dogs. It's easy for a human, but requires context, something a bot can't do effectively. Thanks, Ash http://ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php